Custom Implementation, Services, Training & Support through Experienced, Wise Use of Available Knowledge, Facilitating Access to Relevant Information, Research and Opportunities besides hands on EPMO and EPMS Projects. Ask !

Configure browser security settings for ActiveX controls in Project Web Access 2007ActiveX controls are used for certain functionality in Microsoft Office Project Professional 2007 and in Microsoft Office Project Web Access. In order for the ActiveX controls to work properly, the Office Project Web Access Web site must be added to the list of trusted sites in Internet Explorer. There are additional security settings that can be configured, but they are optional. This article describes how to configure these security settings.Identify and perform the procedures that are needed in your environment

Add the Project Web Access site to the list of trusted sites1. In Internet Explorer, on the Tools menu, click Internet Options.2. On the Security tab, in the Select a zone to view or change security settings box, click Trusted Sites, and then click Sites. The Trusted sites dialog box appears.3. Clear the Require server verification (https:) for all sites in this zone check box.4. In the Add this Web site to the zone box, type the URL for the Project Web Access site, and then click Add.5. Click Close to close the Trusted sites dialog box.6. Click OK to close the Internet Options dialog box.Turn off Internet Explorer protected mode on a computer running Microsoft Windows Vista1. In Internet Explorer, on the Tools menu, click Internet Options.2. Click the Security tab, then clear the Enable protected mode check box.3. Close Internet Explorer and then start it again to finish changing this setting.Enable prompting on controls that are not safe for scripting1. In Internet Explorer, on the Tools menu, click Internet Options.2. On the Security tab, in the Select a zone to view or change security settings box, click Internet, and then click Custom level. The Security Settings — Internet Zone dialog box appears.3. In the tree control named Settings, in the ActiveX controls and plug-ins section, select Prompt under Initialize and script ActiveX controls not marked as safe for scripting.4. Click OK to save the change and close the Security Settings - Internet Zone window.5. On the Security tab, in the Select a zone to view or change security settings box, click Local Intranet, and then click Custom level. The Security Settings — Local Intranet Zone dialog box appears.6. Click OK to save the change and close the Security Settings - Internet Zone window.7. Click OK to save the change and close the Internet Options dialog box.Set "Allow Programmatic Clipboard access" to "Enable" or "Prompt" in Internet Explorer1. In Internet Explorer, on the Tools menu, click Internet Options.2. On the Security tab, in the Select a zone to view or change security settings box, click Internet, and then click Custom level. The Security Settings — Internet Zone dialog box appears.3. In the tree control named Settings, in the Scripting section, select Prompt under Allow programmatic Clipboard access.4. Click OK to save the change and close the Security Settings - Internet Zone dialog box.5. On the Security tab, in the Select a zone to view or change security settings box, click Local Intranet, and then click Custom level. The Security Settings — Local Intranet Zone dialog box appears.6. In the tree control named Settings, in the Scripting section, select Prompt under Allow programmatic Clipboard access.7. Click OK to save the change and close the Security Settings - Internet Zone dialog box.8. Click OK to save the change and close the Internet Options dialog box.Enable cross-domain accessYou may encounter a situation in which a user in a separate domain wants functionality provided by an ActiveX control. This situation can make that user's computer less secure, and thus it should be dealt with carefully. Planning for security is important because an ActiveX control is particularly vulnerable to attack. An application running on any Web site can use the control; all that it needs is the control's class identifier (CLSID). The control may be used in ways that you do not intend. Such an action might be friendly or it might be a malicious attack on the computer running the control.Caution: Users should not, as a rule, enable cross-domain access on any zone apart from "Trusted Sites" because it is very dangerous, as it opens the door to attacks on in-domain resources from sites outside the domain. Be judicious about advising users to enable cross-domain access.